/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
 /* 
 * @testsuite Arkts test suite
 * @description
 * The vulnerability of improper certificate validation exists when an 
 * application fails to properly validate the server's certificate during 
 * SSL/TLS communication.
 * @author Huawei
 *
 */

import axios from 'axios';
import https from 'https';

const secureAgent = new https.Agent({
	/* POTENTIAL GOOD: Explicitly enabling TLS certificate validation. */
  rejectUnauthorized: true,
});

async function fetchUserData() {
  try {
    const response = await axios.get('https://api.bank.com/user', {
      httpsAgent: secureAgent,
    });
    console.log(response.data);
  } catch (error) {
    console.error('Request failed:', error.message);
  }
}

fetchUserData();